Data Mining

There are two kinds of legal departments out there: those that are prepared for a lawsuit involving a mountain of electronic documents and those that aren't. Unfortunately, most fall into the latter category.

According to a November 2005 corporate litigation readiness study conducted by Connecticut-based market analyst EDDix, only 14 percent of the legal departments polled believe they have tools and processes in place to handle e-discovery, and only 28 percent rate their companies as more proactive than reactive when it comes to e-discovery readiness.

"Furthermore only 32 percent of companies say they have an established e-discovery response workflow," says EDDix Principal Michael Clark. "Without one, a company is, by definition, in a reactive mode."

Consultants and attorneys agree the reactive approach is dangerous.

"If you don't have a well thought-out e-discovery process, you've left yourself wide open to sanctions," says Sherry Harris, senior case management specialist with Hunton & Williams. "You need a system or process that tracks every step you take so you can defend what you did later on."

In the final installment of a three-part series on legal department technology, InsideCounsel looks at how legal departments still stuck in the reactive mode should go about choosing an e-discovery vendor, and how to avoid the potential potholes along the way.

Do Your Homework

While estimates vary, published reports indicate there are thousands of e-discovery vendors. Most are individual consultants, or local mom and pop companies that specialize is one particular aspect of the process, such as digital forensics. A growing number of vendors, however, now offer a full buffet of e-discovery services (see "SIDEBAR").

So to whom should you turn when you get hit with a lawsuit that requires you to retrieve a million or more electronic documents in multiple formats from multiple sites? Most likely you will want a vendor that employs an application service provider (ASP) model. ASP-based e-discovery vendors will visit each of your sites, harvest the data, take it back to their facilities for processing and put it on their own servers. In-house and outside counsel, paralegals and anyone else on the review team will then have access to the data via the Internet.

Finding a vendor with those capabilities requires you to do some homework. Before you pick an e-discovery vendor, you should conduct thorough research to learn about the vendor's financial health, its insurance coverage, the security measures it has in place and any potential legal conflicts it may have. Perhaps most importantly you should check the vendor's client references. Because the industry is so young, you also will want to know how long the vendor has been in business, whether it has been involved in any mergers or acquisitions and whether there are any lawsuits pending against the company.

Due to the substantial amount of data that has to be collected and processed in a major litigation, you will also need to ensure the vendor can handle a project of this size. Don't take the vendor's assurances for granted--ask about the current staffing levels and how much of the company's resources your project will consume. The Sedona Conference advises that you ask the vendor to explain its disaster recovery plan and the processes it has in place in case another company acquires it or a project manager leaves during the middle of your project.

"We really focused on the project management skills when looking into e-discovery vendors," says David Schieferstein, senior counsel with Philip Morris USA. "Does the vendor have the capacity, history and references to handle the job? We called some clients and it was surprising because some were not entirely complimentary."

If you're supplying data that needs to be carefully safeguarded against public disclosure, you also should have your IT department review the vendor's security measures. Again, don't take anything for granted--ask each vendor to map out exactly what happens to a document once it leaves your site and gets to the vendor's facility. Be a stickler for details: inquire about data back-up and recovery procedures; measures that will protect your data from hackers and viruses; how, where and when data encryption is applied; and whether access to the servers that will store your data is tightly controlled. Then, when you get down to your vendor short list, be sure to schedule on-site visits to view the security measures first hand.

Test Your Vendor

You also should take the same fastidious approach to reviewing the vendor's staff, especially those employees who will be assigned to your project. The Sedona Conference recommends you ask about employee background checks, drug screenings and turnover. Because there's a good chance the vendor's personnel may have to testify on your behalf, you'll also want to be sure those working for you have experience testifying in court.

"Legal departments are increasingly bringing in outside vendors because they can act as expert witnesses to attest to the thoroughness of the company's discovery process," says Bradley J. Gross, a technology law specialist with Florida-based Becker & Poliakoff.

Furthermore, when reviewing vendors keep in mind that few companies can handle the entire process of collecting, processing, presenting and searching data alone. Many will bring in other vendors as subcontractors--for example, they may hire a local vendor or consultant to assist with the data harvesting at one of your satellite facilities. Ask the vendor up front how much work it will outsource and perform the same background, security and employee reference checks on those subcontractors.

It might also pay to consider whether a vendor has experience handling complex, high-stakes class actions tried in federal courts.

"When you get into more complex cases, with a lot of data in different locations and platforms, you want to be choosy," Gross says. "At the end of the day, you'll place a higher value on a vendor that can provide a list of cases engaged in the federal courts, as opposed to a local state court."

In addition to the site visits and background checks, it's important to ask each vendor to perform a trial run based on representative sample data you provide. After all, client references are great, but you need to see how the vendor's processes adapt to your data and your specific review requirements. If possible, provide sample data in different formats representing different types of custodians. For example, providing case-specific CAD documents from the engineering department will help you see and compare the way each vendor processes these documents.

"You want to give the vendor a good sample of what you'll be collecting for production," says Anne Kershaw, founder of A. Kershaw, a New York-based litigation-consulting firm. "Data is different, and companies are different. Some are PowerPoint happy, while others lean toward Excel or Word documents. The vendors may approach a science-based company with a lot of technical documents differently. You want to ensure the vendors' systems can do what they say they can do."

During each demonstration, focus on the capacities of the review tool. Because the case will involve a substantial number of documents, your review team will need to be able to cross-reference each search. Make sure that you can configure a search a number of ways--by topic, author, date, or all of the above. And check to see if attorneys can redact, highlight or put a note on a document.

"You really have to focus on the vendor's technological capacity," says Michele C.S. Lange, legal technology staff attorney with Kroll Ontrack Inc., a Minnesota-based provider of electronic discovery and forensic services. "Once they collect the data, how long before you get it back? What if you provide a lot of challenging file types, files that are encrypted, corrupted, or password protected? What happens if the project scope changes in mid-stream and you add new data, or shorten the timeframe? Can the vendor process data on a rolling basis?"

Search The Result

You will also have to determine how you want to conduct your search and review process after collecting the documents. A key consideration in making this decision, of course, is how many documents you have to cull through. Despite recent technological advances, the document review "gold standard" for many in-house counsel still involves employing a small army of attorneys or paralegals to review each document by hand. That's fine in most cases, but if you've got a million or more documents to sort through, that approach is no longer feasible.

With corporate data reservoirs continuing to expand at an alarming rate, vendors are increasingly employing advanced software solutions to speed up the review and search process. These solutions make it easier to identify and eliminate duplicate and irrelevant documents and group together and rank relevant documents. In general, these solutions group documents together by electronically sifting through each one for specific keywords, date ranges, custodians, authors and file types. Most also employ de-duplication technology, which eliminates multiple copies of the same document--say an e-mail sent to numerous parties.

Unfortunately, most vendors are reticent to describe exactly how their technology works. So you'll have to ask questions, follow up with references and ask for a demonstration of how the technology works with your data. If possible, provide each vendor with a data sample that you already have reviewed internally, with the number of duplicate and relevant documents established beforehand.

"All these products claim to be the industry's salvation, but none can eliminate human review entirely," Harris says. "But the beauty behind them is they categorize or group documents and help prioritize them for review. Putting similar documents together speeds up the review process--doubling or maybe tripling the amount of documents a lawyer or paralegal can review over a set period of time. If you're paying somebody $200 an hour, that's a substantial savings."

Plan For The Future

Ultimately, the best way to save money is to avoid repeating this process. Once the case is over, you should immediately begin implementing a long-term e-discovery program, one that's based on preferred supplier relationships and pilot-tested workflows. That's what the companies with a heavy docket of ongoing litigation are doing. While it takes plenty of time and even more money to get prepared ahead of time, it's certainly worth it in the long run.

That's the way the legal department at San Ramon, Calif.-based Chevron Corp. sees it. Chevron recently named California-based ZANTAZ Inc. as its corporate e-discovery vendor. In-house and outside counsel are now required to use ZANTAZ on all significant litigation.

The vendor search took more than a year, says Ken Schaumburger, Chevron's manager of law function administration. Developing consultant and vendor relationships in advance, testing and streamlining e-discovery workflows, and establishing and building electronic production archives, he says, just makes good business sense.

"The real issue is you're spending money repetitively every time you create an e-discovery database," Schaumburger says. "In the past, outside counsel would build a database for each case, and then throw everything away. Now we have one tool and one database. When we have similar litigation cases we can use the same documents to fulfill similar discovery requests. That's extremely helpful and efficient, because we always know exactly what we produced in the past."

----------

[SIDEBAR]

E-discovery Vendors Defined

According to the Sedona Conference, there are three types of e-discovery vendors:

1. Those that process data, the activities of which are primarily volume driven--for example, data collection, hosting, storage, review and litigation support services;

2. Those that provide software solutions such as case management tools, document management and/or review tools, and search/categorization/retrieval tools; and

3. Consultants that offer expertise in one or more specific areas, such as forensics, data recovery, discovery strategy or risk management.

A few other nuggets of wisdom: a company that makes copies for review can technically call itself an e-discovery vendor. And while a vendor may provide solutions to a variety of e-discovery tasks, most usually play to a single strength. Outsourcing to subcontractors, therefore, is common.